On Sept. 14, Greenberg Traurig attorneys will present a full day of CLE programming at the GT Miami office that highlights the latest risks every company should be focused on. Each session will present practical guidelines on cutting-edge issues to help counsel materially reduce current risk while discussing what’s next. View detailed symposium agenda here

On Aug. 9, 2023, a tutoring company agreed to pay $365,000 to settle an artificial intelligence (AI) lawsuit with the Equal Employment Opportunity Commission (EEOC). The settlement comes on the heels of multiple EEOC warnings to employers about potential discrimination associated with the use of AI for hiring and workplace decisions.

Continue reading the full

In September 2021, Quebec’s Parliament passed Law 25 (formerly Bill 64), which significantly overhauled the Act Respecting the Protection of Personal Information in the Private Sector. Law 25 imposes several new obligations on enterprises who do business in Quebec, which obligations have periodically gone into effect since the enactment of Law 25.

Click here for

The term “data minimization” generally refers to two requirements within the GDPR: (1) a company should only collect and process personal data that is “necessary” in relation to its purpose, and (2) a company should keep data for “no longer than is necessary for [that] purpose[].”[1] Put differently, a company should only collect what

Data is typically added to an AI to explain a problem, situation, or request (“input data”). Some popular AI models refer to input data by the term “prompt” as the user is prompting the AI to initiate an action, or to create additional information. Prompts can take different forms such as text prompts or image

On July 26, 2023, the Securities and Exchange Commission (SEC) adopted the long-awaited final rule requiring that public companies disclose information about cybersecurity incidents within four business days of determining the incident is material. GT wrote about the proposed rule shortly after it was released in March 2022. For context, Commissioner Caroline Crenshaw noted, in

The GDPR allows individuals to request that their information be deleted in the following situations:[1]

  • Companies must delete data upon request if the data was processed based solely on consent. The GDPR recognizes that companies may process data based on six alternate lawful grounds.[2] One of these is where a person has given

Rebekah S. Guyon, a member of GT’s Litigation and Data Privacy & Cybersecurity Practices, was quoted in a Corporate Counsel article titled “Suits Flooding Courts Seize on Decades-Old Wiretapping Laws to Allege Data Breaches.”

Click here to read the full Corporate Counsel article. (subscription required)

On May 10, 2023, the National Institutes of Standards and Technology (NIST) released Revision 3 to its foundational publication, 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The publication provides guidelines for protecting sensitive unclassified information in contractor systems, and these guidelines establish the baseline cybersecurity requirements for federal defense contractors. 

It is important to always confirm and understand all the various requirements of laws applicable to the sensitive personal information being processed.
Continue Reading Processing Sensitive Personal Information under U.S. State Privacy Laws